Since we cannot make sure the 'len = pair_size * num_regs' will always
be none zero from the users, and then if 'num_regs' equals to zero by
mistake or other reasons, the kzalloc() will return ZERO_SIZE_PTR, which
equals to ((void *)16).
So this patch fix this with just doing the 'len' zero check before calling
kzalloc().
Signed-off-by: Xiubo Li <[email protected]>
---
drivers/base/regmap/regmap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index 18d193f..4ef7a24 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -1685,6 +1685,9 @@ static int _regmap_raw_multi_reg_write(struct regmap *map,
size_t pair_size = reg_bytes + pad_bytes + val_bytes;
size_t len = pair_size * num_regs;
+ if (!len)
+ return -EINVAL;
+
buf = kzalloc(len, GFP_KERNEL);
if (!buf)
return -ENOMEM;
--
1.8.4
On Wed, Apr 30, 2014 at 05:31:08PM +0800, Xiubo Li wrote:
> Since we cannot make sure the 'len = pair_size * num_regs' will always
> be none zero from the users, and then if 'num_regs' equals to zero by
> mistake or other reasons, the kzalloc() will return ZERO_SIZE_PTR, which
> equals to ((void *)16).
Applied, thanks.